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ABSTRACT OF T HE DISCLOSURE 

A method of remotely accessing a postage security account at a data 
center from a remote user device begins with a remote user assigning a 
5 password to the user's postage security account at a data center. A 
cryptographic key corresponding to the user's postage security account is 
provided to the remote user device and is stored at the data center. The 
password and the cryptographic key are combined at the remote user device 
and the data center respectively to obtain a user authentication key. An 

10 authentication algorithm is performed using the user authentication key to 
obtain a remote access message. The remote access message is sent to the 
data center to initiate request for access to the postage security account by 
the remote user device. The remote user device is authenticated * for 
accessing the postage security account when the data center verifies the 

15 remote access message. 
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What is Claimed U» - 

1. A method of remotely accessing a postage security account at a 
data center from a remote user device, the method comprising the steps of: 
providing a password to a user; 

providing to a remote user device a cryptographic key corresponding to a 
postage security account at a data center 

combining the password and the cryptographic key to obtain a user 
authentication key; 

performing an authentication algorithm using the user authentication key 
to obtain a remote access message; 

sending the remote access message to the data center to initiate a 
request for access to the postage security account by the remote user device; 
and 

authenticating the remote user device requesting access to the postage 
security account by verifying the remote access message. 

2. The method of claim 1 wherein the cryptographic key is provided to 
the user on portable media. 

3. The method of claim 2 wherein the portable media is a diskette. 

4. The method of claim 1 comprising the further step of: 

providing the password to the data center wherein the combining step is 
performed by the remote user device and the data center. 

5. The method of claim 1 comprising the further step of: 

providing the password to the data center wherein the combining step is 
performed by the remote user device for each communication session with the 
data center and is performed by the data center during only an initial 
communication session. 
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6. The method of claim 1 comprising the further st ps of: 

sending the password from the remote user device to the data center 
during an initialization communication; and 

storing the user authentication key at the data center 

7. The method of claim 1 comprising the further steps of. 

sending the user authentication key from the remote user device to the 
data center during an initialization communication; and 

storing the user authentication key at the data center. 

8. A method of remotely accessing a transaction evidencing account 
at a data center from a remote user device, the method comprising the steps of 

providing a password to a user; 

providing to a remote user device a cryptographic key corresponding to 
the transaction evidencing account at a data center; 

combining the password and the cryptographic key to obtain a user 
authentication key; 

performing an authentication algorithm using the user authentication key 
to obtain a remote access message; 

sending the remote access message to the data center to initiate a 
request for access to the transaction evidencing account; and 

authenticating the remote user device requesting access to the 
transaction evidencing account by verifying the remote access message. 

9. The method of claim 8 wherein the cryptographic key is provided to 
the user on portable media. 

10. The method of claim 9 wherein the portable media is a diskette. 

1 1 . The method of claim 8 comprising the further step of: 

providing the password to the data center wherein the combining step is 
performed by the remote user device and the data center. 



21 



CA 02263434 1999-02-11 
WO 98/57460 ^ PCT/US 98/1 2206 

12. Th method of claim 8 comprising the further st p of: 

providing the password to the data center wherein the combining step is 
performed by the remote user device for each communication session with the 
data center and is performed by the data center during only an initial 
communication session. 

13. The method of claim 8 comprising the further steps of: 

sending the password from the remote user device to the data center 
during an initialization communication; and 

storing the user authentication key at the data center. 
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METHOD FOR ACCESS CONTROL IN A VIRTUAL POSTAGE 

METERING SYSTEM 

Technical Ftotd 

5 The present invention relates generally to a postage metering system 

and method for evidencing postage payment in an open system and, more 
particularly, to a postage metering system and method for evidencing postage 
payment in a virtual meter configuration. 

10 Related AppHr^tingft 

The present application is related to the following Canadian Patent 
Application Serial Nos. 2263437, 2263415, 2264622. 2263436 and 2263131 
(Attorney Docket Nos. E-731, E-733, E-734, E-735 and E-738) all being 
assigned to the assignee of the present invention. 

15 

Background Art 

Postage metering systems have been developed which employ 
encrypted information that is printed on a mailpiece as part of an indicium 
evidencing postage payment. The encrypted information includes a postage 
20 value for the mailpiece combined with other postal data that relate to the 
mailpiece and the postage meter printing the indicium. The encrypted 
information, typically referred to as a digital token or a digital signature, 
authenticates and protects the integrity of information, including the postage 
value, imprinted on the mailpiece for later verification of postage payment. 
25 Since the digital token incorporates encrypted information relating to the 
evidencing of postage payment, altering the printed information in an indicium 
is detectable by standard verification procedures. Examples of systems that 
generate and print such indicium are described in U.S. Patent Numbers 
4,725,718, 4,757,537, 4,775,246 and 4,873,645, each assigned to the 
30 assignee of the present invention. 

Presently, there are two postage metering device types: closed system 
and open system. In a closed system, the system functionality is solely 



CA 02263434 1999-02-11 



WO 98/57460 PCT/US98/12206 

dedicated to metering activity. Examples of closed system met ring devices, 
also referred to as postage evidencing devices, include conventional digital and 
analog (mechanical and electronic) postage meters wherein a dedicated printer 
is securely coupled to a metering or accounting function. In a closed system, 
5 typically the printer is securely coupled and dedicated to the meter, and printing 
evidence of postage cannot take place without accounting for the evidence of 
postage. In an open system, the printer is not dedicated to the metering activity, 
freeing system functionality for multiple and diverse uses in addition to the 
metering activity. Examples of open system metering devices include personal 

10 computer (PC) based devices with single and/or multi-tasking operating systems, 
multi-user applications and digital printers. An open system metering device is a 
postage evidencing device with a non-dedicated printer that is not securely 
coupled to a secure accounting module. An open system indicium printed by the 
non-dedicated printer is made secure by including addressee information in the 

15 encrypted evidence of postage printed on the mailpiece for subsequent 
verification. See U.S. Patent Numbers 4,725,718 and 4,831,555, each assigned 
to the assignee of the present invention. 

The United States Postal Service ("USPS") has proposed an Information- 
Based Indicia Program ("IBIP"), which is a distributed trusted system to retrofit 

20 and augment existing postage meters using new evidence of postage payment 
known as information-based indicia. The program relies on digital signature 
techniques to produce for each envelope an indicium whose origin can be 
authenticated and content cannot be modified. IBIP is expected to support new 
methods of applying postage in addition to the current approach, which typically 

25 relies on a postage meter to print indicia on mailpieces. IBIP requires printing a 
large, high density, two-dimensional ( tt 2-D M ) bar code on a mailpiece. The 2-D 
bar code encodes information and is signed with a digital signature. 

The USPS has published draft specifications for IBIP. The 
INFORMATION BASED INDICIA PROGRAM (IBIP) INDICIUM 

30 SPECIFICATION, dated June 13, 1996, and revised July 23, 1997, flBIP 
Indicium Specification'') defines the proposed requirements for a new indicium 
that will be applied to mail being created using IBIP. The INFORMATION 
BASED INDICIA PROGRAM POSTAL SECURITY DEVICE SPECIFICATION, 
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dated June 13. 1996, and revised July 23, 1997, ("IBIP PSD Specification") 
defines the proposed requirements for a Postal Securfty Device ("PSD"), which is 
a secure processor-based accounting device that dispenses and accounts for 
postal value stored therein to support the creation of a new "information based- 
postage postmark or indicium that will be applied to mail being processed using 
IBIP. The INFORMATION BASED INDICIA PROGRAM HOST SYSTEM 
SPECIFICATION, dated October 9, 1996, defines the proposed requirements for 
a host system element of IBIP ("IBIP Host Specification-). IBIP includes 
interfacing user, postal and vendor infrastructures, which are the system 
elements of the program. The INFORMATION BASED INDICIA PROGRAM 
KEY MANAGEMENT PLAN, dated April 25, 1997, defines the generation, 
distribution, use and replacement of the cryptographic keys used by the USPS 
product/service provider and PSDs ("IBIP KMS Specification"). The 
specifications are collectively referred to herein as the "IBIP Specifications". 

The IBIP Specifications define a stand-alone open metering system, 
referred to herein as a PC Meter comprising a PSD coupled to a computer 
system, such as a personal computer, ("PC") which operates as a host system 
with a printer coupled thereto ("Host PC"). The Host PC runs the metering 
application software and associated libraries (collectively referred to herein as 
"Host Applications") and communicates with one or more attached PSDs. The 
PC Meter can only access PSDs coupled to the Host PC. There is no remote 
PSD access for the PC Meter. 

The PC Meter processes transactions for dispensing postage, registration 
and refill on the Host PC. Processing is performed locally between the Host PC 
25 and the PSD coupled thereto. Connections to a Data Center, for example for 
registration and refill transactions, are made locally from the Host PC through a 
local or network modem/internet connection. Accounting for debits and credits to 
the PSD is also performed locally, logging the transactions on the Host PC. The 
Host PC may accommodate more than one PSD, for example supporting one 
30 PSD per serial port. Several application programs running on the Host PC. such 
as a word processor or an envelope designer, may access the Host Applications. 

The IBIP Specifications do not address an IBIP open metering system on 
a network environment. However, the specifications do not prohibit such a 
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network-based system. Generally, in a network environment a network Server 
controls remote printing requested by a Client PC on the network. Of course, the 
Client PC controls any local printing. 

One version of a network metering system, referred to herein as a "virtual 
5 meter", has many Host PCs without any PSDs coupled thereto. The Host PCs 
run Host Applications, but all PSD functions are performed on Server(s) located 
at a Data Center. The PSD functions at the Data Center may be performed in a 
secure device attached to a computer at the Data Center, or may be performed 
in the computer itself. The Host PCs must connect with the Data Center to 

10 process transactions such as postage dispensing, meter registration, or meter 
refills. Transactions are requested by the Host PC and sent to the Data Center 
for remote processing. The transactions are processed centrally at the Data 
Center and the results are returned to the Host PC. Accounting for funds and 
transaction processing are centralized at the Data Center. See, for example, 

15 U.S. Patent Numbers 5,454,038 and 4,873,645, which are assigned to the 
assignee of the present invention. 

The virtual meter does not conform to all the current requirements of the 
IBIP Specifications. In particular, the IBIP Specifications do not permit PSD 
functions to be performed at the Data Center. However, it is understood that a 

20 virtual meter configuration with each mailer's PSD located at the Data Center 
may provide an equivalent level of security as required by the IBIP 
Specifications. 

In conventional closed system mechanical and electronic postage meters 
a secure link is required between printing and accounting functions. For postage 

25 meters configured with printing and accounting functions performed in a single, 
secure box, the integrity of the secure box is monitored by periodic inspections of 
the meters. More recently, digital printing postage meters typically include a 
digital printer coupled to a metering (accounting) device, which is referred to 
herein as a postal security device (PSD). Digital printing postage meters have 

30 removed the need for physical protection of the link by cryptographically securing 
the link between the accounting and printing mechanisms. In essence, new 
digital printing postage meters create a secure point to point communication link 
between the PSD and print head. See, for exampl , U.S. Patent Numb r 
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4,802,218, issued to Christopher B. Wright et al. and now assigned to the 
assignee of the present invention. An example of a digital printing postag 
meter with secure print head communication is the Personal Post Office™ 
manufactured by Pitney Bowes Inc. of Stamford, Connecticut. 1 
5 In U.S. Patent Numbers 4,873,645 and 5,454,3,038, a virtual metering 

system and method are disclosed wherein the postal accounting and token 
generation occur at a data center remote from the postage evidencing printer. 
Although the Data Center may be a secure facility, there remain certain inherent 
security issues since the accounting and token generation functions do not occur 
10 in a secure device local to the postage printer. The virtual postage metering 
system includes a computer coupled to an unsecured printer and to a remote 
data metering system. The postal accounting and the token generation occur at 
the Data Center. 

Various Posts, including the United States Postal Service (USPS), are 
15 now considering the viability of a virtual postage metering system. The Data 
Center is a centralized facility under the control of a meter vendor, such as 
Pitney Bowes, or the Postal Service. However, remote access to mailer account 
information, i.e. metering information, is a concern. 

In one type of remote access, such as an ATM card, an identification 
20 password or PIN is used in conjunction with a secure box into which the ATM 
card is inserted to initiate a transaction. The secure box and a data center in 
combination with the card and PIN authenticate the user initiating the 
transaction. In a virtual postage metering system, no secure device is available 
to the user initiating a request for postage. One solution may be to distribute a 
25 secret key to each mailer However, when distributing such keys, once the key 
is compromised, the mailer's account is in jeopardy. 

Disclosure of the Invention 

It has been determined that a virtual postage metering system provides 
benefits that are not available under conventional postage payment systems. 
30 For the Posts, a virtual postage metering system provides central management 
of all postage without the need to manage physical meters or PSDs. A further 
benefit is the opportunity to directly associate a mailer to each mailpiece as 
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opposed to each reset. For mailers, no metering hardware, i.e. postage meter 
or PSD, is needed. Nor do mailers need to maintain current lists of valid 
addresses, such as with purchased CD-ROMs. Mailers can acquire postage 
on an as-needed basis. Finally, meter vendors do not have to keep track of 
5 physical meters. A virtual postage metering system eliminates stolen or 
relocated meter problems and simplifies meter management in general. 

The present invention provides a method for securely controlling 
access to a mailer's account, which resides at a virtual meter data center. The 
present invention comprises means to authenticate a mailer, the secure 

10 distribution of mailer (user) authentication keys and the use of a secure box to 
execute the authentication algorithms. The database in the virtual meter data 
center holds the mailer authentication keys in cipher text to prevent exposure 
of the keys in plain text. The keys are only decrypted when used within the 
secure authentication box. 

15 The present invention provides a method of remotely accessing a 

postage security account at a data center from a remote user device begins 
with a remote user assigning, or being assigned, a password to the user's 
postage security account at a data center. A cryptographic key corresponding 
to the user's postage security account is provided to the remote user device 

20 and is stored at the data center. The password and the cryptographic key are 
combined at the remote user device and the data center respectively to obtain 
a user authentication key. An authentication algorithm is performed using the 
user authentication key to obtain a remote access message. The remote 
access message is sent to the data center to initiate request for access to the 

25 postage security account by the remote user device. The remote user device 
is authenticated for accessing the postage security account when the data 
center verifies the remote access message. 

In accordance with another aspect of the present invention, there is 
provided, a method of remotely accessing a transaction evidencing account at 

30 a data center from a remote user device, the method comprising the steps of: 
providing a password to a user, 
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providing to a remote user device a cryptographic key corresponding 
to the transaction evidencing account at a data center 

combining the password and the cryptographic key to obtain a user 
authentication key; 

5 performing an authentication algorithm using the user authentication 

key to obtain a remote access message; 

sending the remote access message to the data center to initiate a 
request for access to the transaction evidencing account; and 

authenticating the remote user device requesting access to the 
10 transaction evidencing account by verifying the remote access message. 

Brief Description of the Drawings 

The above and other objects and advantages of the present invention 
1 5 will be apparent upon consideration of the following detailed description, taken 
in conjunction with accompanying drawings, in which like reference characters 
refer to like parts throughout, and in which: 
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Fig. 1 is a block diagram of a virtual postage metering system for 
dispensing postage embodying the principles of the present invention; 

Fig. 2 is a block diagram of the Data Center database server and secure 
box for the virtual postage metering system of Fig. 1; i 
5 Fig. 3 is a flow chart of an alternate authentication protocol for the virtual 

postage metering system of Fig.1; 

Fig 4 is a flow chart of the preferred authentication protocol for the virtual 
postage metering system of Fig.1; 

Fig. 5 is a flow chart of a preferred distribution of keys used in the present 
10 invention; and 

Fig 6 is a block diagram of a virtual postage metering system providing 
multiple-password access for each account 

Best Mode for Carrying Out the Invention 

In describing the present invention, reference is made to the drawings, 
15 wherein there is seen in Fig. 1, a virtual postage metering system, generally 
designated 10. The virtual postage metering system 10 includes a plurality (only 
one is shown) of personal computer (PC) systems, generally designated 20, 
each having access to a printer 22 for printing evidence of postage on an 
envelope. PC 20 is connected with a transaction processing Data Center 30 that 
20 performs postal accounting and evidencing of postage. The virtual postage 
metering system 10 allows each mailer to use a conventional PC to remotely 
obtain evidence of postage payment on an as needed basis. Unlike 
conventional postage metering systems, virtual postage metering system 10 
does not include any meter hardware located at the mailer's site. Nor are any 
25 postal funds stored at the mailer's site. All metering and accounting of funds 
occur at Data Center 30 using functional software and database records 
representing each mailer's "postage meter", referred to herein as a "meter 
account*. 

The accounting method for virtual postage metering system 10 may be a 
30 conventional prepayment or post-payment system. The preferred method is a 
prepayment method wherein each mailer is required to put a minimum amount of 
money into the mailer's virtual meter account As account funds drop below a 
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specific lev I a refill is charged against the mailer's account. An alternate 
accounting method that is suitable for a virtual postage metering system is a 
real-time payment method in which the amount of a transaction is charged to a 
mailer's credit card account when the transaction occurs. This method is 
5 referred to herein as a "trickle charge* postage payment because the mailer 
does not pay for postage for a mailpiece until the mailer is ready to print the 
mailpiece. 

In the virtual postage metering system, a "meter" vendor, such as Pitney 
Bowes Inc., provides the mailer with client software that runs on PC 20, e.g., the 

10 client software may be downloaded from the vendor's Internet server. 
Alternatively, the client software may be Internet browser-based pages that 
provide mailer interactions with the Data Center 30. The meter vendor also 
manages Data Center 30. The client software initiates communications with 
Data Center 30 which performs metering transactions to evidence postage for 

15 single mailpieces or batches of mailpieces. In the preferred embodiment, the 
client software establishes a connection to the Data Center, and requests 
postage by providing postal information relating to the requested transactions, 
such as postage amount, addressee information and (optionally) the origin of 
deposit for each mailpiece. Data Center 30 receives the postal information, 

20 determines the origin zip for the mailpiece(s), performs accounting functions and 
generates an encrypted evidence of postage payment, such as a token or digital 
signature, and sends indicium information including the token, to PC 20. PC 20 
receives the indicium information, creates an indicium bitmap, which can be 
displayed on a PC monitor (not shown) and printed on the mailpiece by printer 

25 22. PC 20 then disconnects from Data Center 30 or requests another 
transaction. The connection between PC 20 and Data Center 30 may be 
through a Network Service Provider, such as on the Internet, or by direct dial 
using the PC's modem. 

Virtual postage metering system 10 eliminates the need to maintain and 

30 account for traditional metering devices at each mailer's site and provides 
flexibility for handling requests from multiple origins of deposit by each mailer. 
Virtual postage metering system 10 also provides value added services that are 
not available with conventional meter devices, such as, real-time address 
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hygiene, direct marketing services and trickle charge postage payment. Virtual 
postage metering system 10 provides mailer authentication by Data Center 30 to 
identify mailers with valid accounts. When a mailer has been authenticated for 
each request, for example, by a usemame, password or other conventional 
5 methods, Data Center 30 services the request, and returns indicium information 
to the PC 20 where the indicium is created and printed on the mailpiece. 

Referring again to Fig. 1, the mailer initiates a postage evidencing 
transaction by running client software in PC 20, which contacts Data Center 30. 
At Data Center 30, a Communication Server 32 supports connectivity from 

10 various communication technologies and protocols. The Communication Server 
merges all incoming traffic and routes it to a Function Server 34, which includes 
application software that supports mailer sign-on, postage dispensing and postal 
reporting. All mailer and meter information is accessed from a Database Server 
36 where the information is securely stored using secure cryptographic 

15 processes and protocols as described below. Data Center 30 maintains 
cryptographic keys for each meter account in Database Server 36. The 
cryptographic keys are used for postage evidencing and verification as well as for 
security of the records stored in Database Server 36. A Key Management System 
38 administers all cryptographic keys used in virtual postage metering system 10. 

20 The cryptographic keys may be distributed to verifiers in remote locations. U.S. 
Patent No. 5,812,666, issued September 22, 1998, and assigned to the assignee 
of the present invention, describes such a key management system. 

A mailer may establish a meter account through an on-line sign-up 
process with Data Center- 30. During sign-up, the mailer enters, at PC 20, 

25 account information, such as user name, password and method of payment. Any 
registration fees can be charged at this time. Data Center 30, preferably 
administered by a meter vendor, such as Pitney Bowes Inc., arranges all meter 
licenses and agreements between its mailers and the Post. 

In the present invention, the PSD does not exist, i.e., there is no metering 

30 device coupled to the PC from which postage payment is requested. Virtual 
postage metering system 10 replaces the accounting and metering functions of 
the PSD with metering software and mailer account information performed and 
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updated at Data Center 30. The virtual postage metering system 10 provides each 
mailer with a metering system that has the capability of originating transactions from 
multiple origins of deposit. See, for example, previously noted Canadian Application 
Serial Number 2, 263,436 [Attorney Docket E-735], 
5 Various methods can be used to determine the origin of deposit for a 

requested transaction. For example, a method for determining origin zip code using 
a caller ID from a telephone call is disclosed in U.S. Patent No. 5,943,658, issued 
August 24, 1999, and assigned ot the assignee of the present invention. 

In accordance with the present invention, one or more cryptographic 

10 modules, referred to herein as secure "boxes", are located within Data Center 30 and 
are used to perform cryptographic processes. Each secure box is a secure, tamper- 
evident, tamper-resistant and tamper-responding device, including a processor and 
memory, that stores encryption keys and performs cryptographic operations using 
the keys within the secure boundary of the device. Data Center 30 includes several 

15 types of secure boxes, which are described below. In the preferred embodiment, 
Data Center 30 includes multiple boxes of each type for redundancy and 
performance. 

Key Management System 38 includes a manufacturing box (not shown) that 
provides top-level keys used to generate random numbers for seeding each of the 

20 other secure boxes. By sharing cryptographic keys (secret and/or public), the secure 
boxes communicate securely within Data Center 30. Key Management System 38 
also includes a "steel" box (not shown) that shares a common key with meter box 44 
to encrypt/decrypt master token keys for postage evidencing transactions for each 
meter account. The steel box merges a vendor key and a postal key into one record 

25 in cipher text. For each meter account, Data Center 30 creates a logical meter, i.e. a 
meter record, in Database Server 36 by generating a token key using the vendor and 
postal keys, initializing meter registers (ascending and descending), meter freshness 
data (described below) and other postal information as part of the meter record, and 
then storing the meter record in Database Server 36, 



10 



CA 02263434 1999-02-11 



WO 98/57460 PCT/US98/1 2206 

Data Center 30 also includes a meter box 44 that shares a secret key with 
the steel box for decrypting the token key encrypted in the meter record. Meter 
box 44 also holds the key used for digital signature of transaction records. The 
only other information stored in meter box 44 is freshness data for each meter 
5 record processed by meter box 44. For each postage transaction, meter box 44 
generates at least one digital token or signs the postage transaction, and 
updates the meter record corresponding to the transaction. Each meter record 
in Database Server 36 includes postal funds as well as the token keys in cipher 
text. Meter box 44 uses the token keys to generate tokens, updates the postal 

10 funds in the meter record, and signs the updated meter record. In this manner, 
meter box 44 performs and controls the secure accounting for each transaction. 
Meter box 44 can also be used to verify the token or the transaction signature for 
verification of the postage evidencing for the transaction. 

Data Center 30 also includes an authentication box 40 that shares a 

15 different secret key with the steel box to decrypt a mailer authentication key 
stored in cipher text in Database Server 36. Authentication box 40 also executes 
the authentication algorithms using the decrypted authentication key to 
authenticate a mailer. 

Finally, Data Center 30 includes an transaction box 42 that shares 

20 another secret key with the steel box to sign mailer transaction records other 
than the meter records signed by meter box 44, such as logins and login history 
records. Transaction box 42 later verifies the transaction record signature when 
the next transaction is requested. 

It will be understood "that the functions described for meter box 44, 

25 authentication box 40 and transaction box 42 can be logically separated and 
combined in one box. In the preferred embodiment of the present invention, at 
least the functions of authentication box 40 and meter box 44 are performed in 
separate secure boxes. 

Referring now to Fig. 2, a configuration of Database Server 36, including 

30 a meter database 60, a mailer database 62 and a database of meter records 64, 
is shown. Meter database 60 comprises meter information associated for each 
meter account, such as, meter serial number, piece count of last mailpiece, 
ascending register, descending register and other postal values. Mailer 



11 



CA 02263434 2001-11-27 



database 62 comprises mailer information and information that associates a 
mailer with a meter account. 

In operation, Communication Server 32 receives a request for a meter 
transaction from mailer PC 20. The application software in the Function Server 34 
5 controls the processing of the transaction request. Function Server 34 accesses 
mailer database 62 and meter database 60 to obtain records, including the 
appropriate meter record 64, corresponding to the meter account of the mailer 
initiating the request. Function Server 34 communicates mailer records from 
mailer database 62 to authentication box 40, which then authenticates the mailer 

10 requesting the transaction. Once the mailer has been authenticated, Function 
Server 34 communicates the appropriate meter record 64 to meter box 44, which 
verifies a signature and freshness data for the record. Meter box 44 decrypts the 
encrypted key(s) that are stored within meter record 64, performs accounting 
functions on the ascending and descending registers in meter record 64, and 

15 uses the key(s) to generate a token for the requested transaction. Meter box 44 
then generates data for an indicium, and once again signs meter record 64. The 
updated and signed record is then sent back to Database Server 36 where it is 
stored as part of meter database 60. 

At Data Center 30, the authentication keys are not available in plain text, 

20 but must be distributed to the mailer. Conventional methods of distributing and 
updating the authentication key for each mailer can be used. See, for example; 
previously noted U.S. Patent No. 5,812,666 which describes a key management 
- system for distributing and updating cryptographic- keys to the secure boxes and 
the mailer's PC. 

25 In the preferred embodiment of the present invention, one common key is 

used to sign all transactions and records that require a digital signature, such as, 
meter records, postage transactions, funds transfer records, master account 
records, etc. Multiple boxes of each box are used for redundancy and to share 
the workload as the number of transactions grow. The signing box, such as meter 

30 box 44 or authentication box 40, will also verify the signature of a record. 

With regard to the signature algorithm for meter record 64, a message 
authentication code (MAC) is employed to provide message integrity for the 
sensitive virtual meter records. This MAC involves multiple applications of th 
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Data Encryption Standard (DES). The main requirement for generation of the 
signature keys is that the resulting keys are unpredictable. (The signature keys 
will be updated using the current month and year.) During manufacturing, two 
initial master signature keys will be entered into the non-volatile memory (NVM) 
5 of the secure signature device, i.e. meter box 44. NVM is used both for 
permanent storage and for the prevention of external access to the key 
information. The signature keys are generated or updated from the master 
signature keys and the current month and year in a conventional manner. The 
virtual meter record signature verification algorithm simply recalculates the 
10 signature of the meter record 64 using the signature algorithm and data within 
meter record 64 and compares calculated signature to the signature in meter 
record 64. 

In accordance with the preferred embodiment of the present invention, an 
authentication protocol for the virtual postage metering system uses a shared 

is secret between the Data Center 30 and a remote PC 20. To authenticate a 
mailer (also referred to herein as a user) to the virtual meter data center, the 
mailer must possess a secret key and a password. The secret key is preferably 
stored on removable media, such as a floppy diskette or dongle, so that only the 
mailer in possession of the removable media may access the account Only the 

20 mailer knows the password. The secret key and the password are combined to 
form the authentication key that is used in the authentication protocol. For each 
mailer having a mailer account at Data Center 30, Data Center 30 stores the 
mailer's secret key in Database Server 36. When the mailer's account is 
initialized the mailer's password is combined with the secret key to form the 

25 authentication key which is stored in encrypted form in mailer database 62 at 
Data Center 30. For subsequent communications, Data Center uses the stored 
authentication key, whereas PC 20 generates the authentication key using two 
pieces of information, i.e., the stored secret key and the user password. 

A simple but effective method of combining the two pieces is to exclusive- 

30 or the secret key and the ASCII representation of the password to form the 
authentication key used. Although this method is suitable, it has the drawback of 
restricting the number of characters in the password to the length of the secret 
key in byt s. An alternate method of combining the secret key and password 
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first compresses the ASCII representations of the characters in the password. 
One example restricts the password to alphanumeric characters only and 
encodes each character with 6 bits or using a cryptographic hash to compress 
the password to the desired size. Again, the password would be exclusive-ored 
5 with the secret key to produce the authentication key. The latter method allows 
longer passwords to be used, although both methods are sufficient for a desired 
level of security. 

Referring now to Fig. 3, one embodiment of the present invention is 
shown wherein the password is used as a key itself for the authentication 

10 protocol. Ka is the secret key stored on the user's removable media and Ku is an 
authentication key derived from the user's password. IDu is the user's ID, IDdc is 
the Data Center ID, Cu is the user's challenge, Coc is the Data Center's 
challenge, [Cu, CdcJKa denotes a digital signature of the user's challenge and the 
Data Center's challenge signed with the secret key, {CdcJKa denotes an 

15 encryption of the Data Center's challenge using the secret key, and {Cdc}Ku 
denotes an encryption of the Data Center's challenge using the authentication 
key. Authentication is assured by knowledge of the user's authentication key Ku 
that is established by combining Ka and the user's password prior to any 
communication. 

20 At step 100, PC 20 initiates communication with Data Center 30, sending 

the user's ID and the user's challenge in plain text to Data Center 30. At step 
105, Data Center 30 responds with plain text of the Data Center ID, the user's 
ID, the user's challenge and the Data Center's challenge, and a digital signature 
of the user's challenge and the Data Center's challenge signed with the secret 

25 key. At step 110, PC 20 creates the user's authentication key Ku by combining 
the user's password and secret key Ka stored on a diskette, the distribution of 
which is described below. At step 115, PC 20 verifies the digital signature of the 
user's challenge and the Data Center's challenge using secret key Ka- If not 
verified, the Data Center is alerted and the communication terminated. At step 

30 120, PC 20 encrypts the Data Center's challenge using the user's authentication 
key Ku and encrypts it again using secret key Ka. PC 20 then sends to Data 
Center 30 the user's ID, the Data Center ID, and the two encryptions of the Data 
Center's challenge. At step 125, Data Center 30 verifies the user's ID, the Data 
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Center ID, and the two encryptions of the Data Center's challenge to compl te 
authentication protocol. If not verified, PC 20 is alerted and the communication 
terminated. Data Center 30 creates user's authentication key Ku by combining 
secret key Ka and the user's password, which is stored at Data Center 30 prior to 
5 this communication, as described below in Figs. 5 and 6. 

In the above embodiment, anyone with the user's disk with the secret key 
Ka, e.g. an attacker, can masquerade as the Data Center. Since the user's disk 
has the private key stored thereon, by accessing an old message, an attacker 
can determine the user's password. Therefore, it is important for the user to use 

10 a strong password. 

Referring now to Fig 4, the preferred embodiment of the present invention 
uses the user's authentication key K Uf which is a combination of Ka and the 
user's password. User's authentication key Ku is created in PC 20 for each 
communication session with Data Center 30. 

15 At step 200, PC 20 initiates communication with Data Center 30, sending 

the user's ID and the user's challenge in plain text to Data Center 30. At step 
205, Data Center 30 and then responds with plain text of the Data Center ID, the 
user's ID, the user's challenge and the Data Center's challenge, and a digital 
signature of the user's challenge and the Data Center's challenge signed with a 

20 user's authentication key Ku, which has been established prior to this 
communication, as described in Figs. 5 and 6 below. At step 208, PC 20 
generates Ku by combining K A and the user's password. At step 210, PC 20 
verifies the digital signature of the user's challenge and the Data Center's 
challenge using the user's authentication key Ku. If not verified, the Data Center 

25 is alerted and the communication terminated. At step 215, PC 20 encrypts the 
Data Center's challenge using the user's authentication key Ku. PC 20 then 
sends to Data Center 30 the user's ID, the Data Center ID, and the encrypted 
Data Center's challenge. At step 220, Data Center 30 verifies the user's ID, the 
Data Center ID, and the encrypted Data Center's challenge to complete 

30 authentication protocol. If not verified, PC 20 is alerted and the communication 
terminated. 

At Data Center 30, the computations involved in the authentication 
protocol are carried out in the secure authentication box 40. The purpose of this 
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box is simply to decrypt the authentication key for the protocol and to use the 
authentication key in a secure, tamper-proof environment. 

The user and the virtual meter data center must share the key Ka used in 
the authentication protocol. A variety of methods are available to distribute 
5 authentication keys to enable other security services for a new client. Each 
method uses a different means to distribute software and keying material to the 
mailer. In the first method, software packages are manufactured with 
individualized keys on each diskette. The mailer purchases a software package 
and installs the software on PC 20. At signup, the disk serial number is sent to 

10 the Data Center 30 so that Data Center 30 can associate the secret key with the 
new mailer. The mailer also chooses a password at this time, which is also sent 
to Data Center 30. At this time, there is no mechanism to securely communicate 
the mailer's sensitive information, such as the password and credit card number. 
However, the secret key initially on the diskette could be used as a 

15 communication key for uploading such sensitive data to Data Center 30 and for 
downloading a secret key for future logins. 

In the second method, after signup, a diskette or dongle is manufactured 
with key material and sent to the mailer. The mailer must now wait to receive its 
key before postage can be requested and dispensed. At this time, there is no 

20 mechanism to securely communicate the mailer's sensitive information such as the 
password and credit card number. However, the secret key initially on the 
diskette could be used as a communication key for uploading such sensitive data 
to Data Center 30 and for downloading a secret key for future logins. 

The first and second methods both place a burden on manufacturing. 

25 The following alternate methods are preferred for distributing the virtual meter 
software. 

In a third method, a virtual meter public key is used to enable signup, 
downloads the software package. The software package includes the virtual 
meter public key. The mailer installs software into PC 20. The virtual postage 
30 metering system setup uses pseudorandom data (obtained from the mailer's 
machine or from the mailer's keystrokes) to seed a process which generates the 
authentication key. The mailer also chooses a password at this time. The mailer 
memorizes the password and the secret key is stored onto the hard drive or 
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removable media (diskette or dongle). At signup, the mailer's sensitive data 
such as credit card information and the authentication key for the authentication 
protocol is encrypted with the virtual meter public key and uploaded to the virtual 
meter data center. Data Center 30 decrypts the sensitive data with the virtual 
5 meter private key and securely stores this data. A public key toolkit can provide 
the tools to enable this. 

Finally, in a fourth method for distributing keys, a client public key is used 
to enable signup. The mailer downloads or purchases the software package and 
installs the software in PC 20. Setup uses pseudorandom data (obtained from 

10 the mailer's machine or from the mailer's keystrokes) to seed a process which 
generates a public/private key pair. The mailer also chooses and memorizes a 
password at this time. At signup, the mailer uploads the client public key to the 
virtual meter data center. Data Center 30 generates the key for the 
authentication protocol, encrypts it with the client public key and returns it to the 

15 mailer. The mailer decrypts the authentication key for the authentication protocol 
with the client private key and splits "rt into the secret key and the password. The 
secret key is stored onto the hard drive or, preferably, onto removable media 
(diskette or dongle). Note that this method does not allow a natural mechanism 
for uploading credit card information to the virtual meter data center. A public 

20 key toolkit can provide the tools to enable this. 

Note that the methods employing public key cryptography are preferred. 
Method 3 has the advantage of being able to upload all sensitive data at sign-up 
whereas method 4 has the advantage of being able to control the generation of 
keys for the authentication protocol at Data Center 30.- Clearly, the benefrts of 

25 methods 3 and 4 can simultaneously be realized by using a public/private key 
pairforboth the Data Center 30 and the mailer. 

Referring now to Fig. 5, the distribution of the secret key and initialization 
of the authentication key for the preferred embodiment is shown. At step 300, 
the key management system 38 distributes the secret key Ka to PC 20 (using 

30 one of the above-described methods) and to Data Center 30 for user's account. 
At step 305, PC 20 holds/stores the secret key K A depending on the method of 
distribution. At step 310, Data Center 30 stores the secret key Ka in a file record 
for the user's account. At step 315, PC 20 sends the user password to Data 
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Center 30. At step 320, Data Center 30 optionally stores the password in the file 
record for the user's account At step 325, Data Center 30 combines the secret 
key and the password to create the user's authentication key Ky and stores the 
authentication key in the file record for the user's account. Alternatively, at step 
5 315, the PC 20 sends the user's authentication key ku Data Center 30 in lieu of 
sending the password. In this alternative approach, Data Center 30 does not 
have to create the user's authentication key Ku and, therefore, does not access 
to the password. 1 

r 

The present invention provides an additional advantage for a mailer 

10 desiring multiple sub-accounts, such as departmental accounts, within the 
mailer's main metering account at Data Center 30. Referring now to Fig. 6, a 
single mailer account may be set up for use with multiple passwords PWi, PW 2 , 
... PW N using a single secret key Ka. At step 400, the key management system 
38 distributes the secret key K A to PC 20 (using one of the above-described 

15 methods) and to Data Center 30 for the user's account. At step 405, PC 20 
holds/stores the secret key Ka depending on the method of distribution. At step 
410, Data Center 30 stores the secret key K A in a file record for the user's 
account. At step 415, PC 20 sends multiple passwords PW 1t PW 2 , ... PW N to 
Data Center 30. At step 420, Data Center 30 optionally stores the multiple 

20 passwords in corresponding sub-accounts in the file record for the user's 
account At step 425, Data Center 30 combines the secret key Ka with each of 
the multiple passwords to obtain respective authentication keys (Kui, Ku2, ... 
Kun) for each of the sub-accounts and stores the authentication keys in the 
corresponding sub-accounts in the file record for the user's account. 

25 Steps 320 and 420 are optional because once the user's authentication 

key Ku is created, Data Center 30 no longer needs access to the secret key Ka 
and the user's password(s). Although stored user password(s) at Data Center 
30 can be used when a user forgets a password, other methods can be used to 
recover from a lost password. See, for example, U.S. Patent Number 5,590,198. 

30 it will be understood that, although the embodiments of the present 

invention are described as postage metering systems, the present invention is 
applicable to any value metering system that includes transaction evidencing, 
such as monetary transactions, item transactions and information transactions. 

18 
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While the present invention has been disclosed and described with 
reference to embodiments thereof, it will be apparent, as noted above, that 
variations and modifications, such as using public keys instead of private keys, 
may be made therein. It is, thus, intended in the following claims to cover 1 each 
variation and modification that falls within the true spirit and scope of the present 
invention. 

Personal Post Office™ is a trademark of Pitney Bowes Inc., the assignee 
of the present invention. 
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